I ran into this recently while testing BitLocker on Dell's (in particular on a Dell E6410), I was under the impression that all Dell's shipping for a long time now were shipping with a TPM chip, however when running my Bare Metal scenario on this particular computer, the task sequence failed while on the Enable TPM step as there was no TPM chip in the motherboard. So to check for this possibility we created a simple script which parses the output of the cctk.exe --tpm command and if tpm= is found then we set a variable TPM_AVAILABLE=true,here's the script fyi

Check_for_TPM.wsf

--------- script starts below this line --------

<job id="checkTPM">
  <script language="VBScript" src="..\ZTIUtility.vbs"/>
  <script language="VBScript">
 
    Dim oShell
    Set oShell = CreateObject("WScript.Shell")
    
    oEnvironment.Item("TPM_AVAILABLE") = False
      
      retCode = oShell.Run("cmd /c " & Replace(WScript.ScriptFullName,WScript.ScriptName,"") & "cctk.exe --tpm | find " & chr(34) & "tpm=" & chr(34) , 0, True)
 
      If(retCode = 0) Then
        oEnvironment.Item("TPM_AVAILABLE") = True    
      End If
      
      WScript.Quit(0)

  </script>
</job>


--------- script end ---------

make sure that this script is in the same dir as your CCTK.exe file and that it has access to the ztiutility scripts from mdt, in addition make sure you've updated your boot.wim's with the CCTK or use my CCTK hapi workaround


once done, if the TPM chip is not found we have a step called TPM Chip not found which only runs if TPM_available=false

this is a Run Command Line step which simply executes the following no_TPM_chip_present.wsf file, this notifies the user that there's no TPM chip present in the bios and that it's not a supported system for BitLocker.

--------- script starts below this line --------

<job id="setEnv">
  <script language="VBScript" src="..\ZTIUtility.vbs"/>
  <script language="VBScript">

Dim oTSProgressUI
set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI")
oTSProgressUI.CloseProgressDialog()

    MsgBox "This computer does not meet the requirements for BitLocker, there is no TPM chip present or it is not a supported Dell model, please consult the Supported BitLocker Systems document. Click OK to shutdown the computer",0, "TPM Chip is not Present."
    WShell.Run "wpeutil shutdown",0, True


  </script>
</job>


--------- script end ---------


cheers

niall

Trackbacks

No Trackbacks

Comments

No Comments